Well, don't forget about "security-in-depth". Combine "DB password on your website" with "remote unprivileged shell" on any server that can reach the DB, and now you've got a "shell into the DB".
Security exploits aren't just bad for what they directly allow, they are bad for how they often combine well.
(You, AndrewDucker, may already know this; I'm not trying to imply otherwise. I'm saying this because this is a point that needs to be made more often, too many people ignore it. Any unauthorized access into your system needs to be taken very seriously, because of this risk.)
Security exploits aren't just bad for what they directly allow, they are bad for how they often combine well.
(You, AndrewDucker, may already know this; I'm not trying to imply otherwise. I'm saying this because this is a point that needs to be made more often, too many people ignore it. Any unauthorized access into your system needs to be taken very seriously, because of this risk.)